food-order

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md) instructs the agent to use ordercli commands and a browser session to fetch/read Foodora content (e.g., ordercli foodora history, ordercli foodora history show <orderCode>, and session chrome --url https://www.foodora.at/), so it ingests third‑party Foodora/restaurant/user-provided data that the agent must interpret to decide reorders and addresses, which could allow indirect injection to influence actions.